Is it safe to store sensitive data in a WebExtension storage?


(Eccenux) #1

Hi. So I need to store some data in the browser storage (browser.storage.local). Can other extensions get to this storage or is it safe to store some sensitive data in there? At least temporarily.

Or maybe there is some better way to store sensitive data for WebExtensions?


(Martin Giger) #2

If you want to guard it from other extensions, then yes, any storage mechanism in WebExtensions is safe (browser.storage and the web storage APIs).

There is currently no dedicated API to store things like OAuth secrets or passwords.

If you want to guard it from arbitrary access, then there is no absolutely safe way to store data in WebExtensions. Storage is written to the file system and could be read by a third party. Encryption is hard to do, since your source is readable too.